> ## Documentation Index
> Fetch the complete documentation index at: https://docs.didit.me/llms.txt
> Use this file to discover all available pages before exploring further.

# Submit Transaction (SDK Token)

> Device-facing endpoint the Didit SDKs call to submit a transaction directly from the end-user's device. Authentication is a scoped token from `POST /v3/transactions/sdk-token/` sent in the `X-Transaction-Token` header instead of an API key, and the endpoint is CORS-enabled so browsers can call it cross-origin. The payload uses the camelCase wire aliases shown below (the SDK `submitTransaction` methods build it for you). Three server-side guarantees: the application is always taken from the token; the subject identity (`externalUserId`) is always enforced from the token's `vendor_data`, so spoofed payload values are ignored; and device intelligence (the SDK device fingerprint plus server-derived IP and user agent) is attached to the subject automatically.

export const AgentPromptAccordion = ({prompt, title = "AI Agent Integration Prompt"}) => {
  const [copied, setCopied] = React.useState(false);
  const handleCopy = e => {
    e.stopPropagation();
    if (!prompt) return;
    navigator.clipboard.writeText(prompt.trim()).then(() => {
      setCopied(true);
      setTimeout(() => setCopied(false), 2000);
    });
  };
  const agents = ["Claude Code", "Codex", "Cursor", "Devin", "Windsurf", "GitHub Copilot"];
  return <div className="didit-agent-card">
      {}
      <div className="didit-agent-titlebar">
        <div className="didit-agent-dots" aria-hidden="true">
          <span className="didit-agent-dot didit-agent-dot-red"></span>
          <span className="didit-agent-dot didit-agent-dot-yellow"></span>
          <span className="didit-agent-dot didit-agent-dot-green"></span>
        </div>
        <span className="didit-agent-filename">{title}</span>
        <button type="button" className={`didit-agent-copy ${copied ? "didit-agent-copy-copied" : ""}`} onClick={handleCopy} title="Copy prompt to clipboard" aria-label={copied ? "Copied!" : "Copy prompt to clipboard"}>
          {copied ? <>
              <svg width="13" height="13" viewBox="0 0 16 16" fill="none">
                <path d="M3 8.5l3.5 3.5L13 4" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round" />
              </svg>
              <span>Copied</span>
            </> : <>
              <svg width="13" height="13" viewBox="0 0 16 16" fill="none">
                <rect x="5" y="5" width="9" height="9" rx="1.5" stroke="currentColor" strokeWidth="1.5" />
                <path d="M11 5V3.5A1.5 1.5 0 0 0 9.5 2h-6A1.5 1.5 0 0 0 2 3.5v6A1.5 1.5 0 0 0 3.5 11H5" stroke="currentColor" strokeWidth="1.5" />
              </svg>
              <span>Copy</span>
            </>}
        </button>
      </div>

      {}
      <pre className="didit-agent-body"><code>{prompt.trim()}</code></pre>

      {}
      <div className="didit-agent-footer">
        <span className="didit-agent-footer-label">Paste into</span>
        <div className="didit-agent-chips">
          {agents.map(name => <span key={name} className="didit-agent-chip">{name}</span>)}
        </div>
      </div>
    </div>;
};

<AgentPromptAccordion
  title="Submit Transaction (SDK Token) API Prompt"
  prompt={`Submit a monitored transaction from an end-user device using a scoped SDK token instead of an API key. This is the wire endpoint behind the Didit SDKs' submitTransaction methods - call it directly only when not using an SDK.

Endpoint:
POST https://verification.didit.me/v1/transactions/

Authentication:
X-Transaction-Token header carrying an sdk_token minted by your backend via POST /v3/transactions/sdk-token/. No API key on the device, ever.

Payload (camelCase wire shape - each field maps onto its POST /v3/transactions/ equivalent):
{
"txnId": "wd-2026-07-07-0042",              // -> transaction_id (required)
"type": "travelRule",                        // -> transaction_category (required)
"info": {                                    // -> transaction_details (required)
"direction": "out", "amount": "0.25", "currency": "ETH",
"currencyType": "crypto", "cryptoParams": {"crypto_chain": "ETH"}
},
"subject": { "fullName": "Jane Doe" },       // externalUserId is IGNORED - identity comes from the token
"counterparty": {
"fullName": "Ana Diaz",
"paymentMethod": {"type": "unhosted_wallet", "accountId": "0x..."}  // declares a self-hosted wallet
},
"travelRule": { "beneficiaryData": {"wallet_address": "0x...", "name": "Ana Diaz"} },
"props": { "channel": "mobile_app" },        // -> custom_properties
"includeCryptoScreening": true
}

Three things are always decided by the token, never the payload:
- the application the transaction is created under
- the subject identity (token's vendor_data)
- server-derived device context (IP, user agent) - it wins on conflict.

What to read from the response (same snake_case detail as /v3/, plus):
- status - APPROVED | IN_REVIEW | DECLINED | AWAITING_USER.
- travel_rule.status - the Travel Rule exchange state, when applicable.
- action_required - when the end user must act: type "wallet_ownership" (open the url in a real browser, never a webview) or "verification_session" (launch with your Didit verification integration). null when nothing is pending.

Failure modes:
- 401 - token missing, unknown, revoked, over max_uses, or expired ("expired" appears in the detail for expired tokens).
- 400 - validation errors, with per-field details.

Afterwards:
- Re-read with GET /v1/transactions/{transaction_id}/ (same token) after the user completes an action.
- Your backend also receives transaction.created / transaction.status.updated webhooks with the same action_required block.

Full guide: /transaction-monitoring/sdk-transaction-submission.`}
/>


## OpenAPI

````yaml POST /v1/transactions/
openapi: 3.0.0
info:
  version: 3.0.0
  title: Didit Verification API
  description: Identity verification API. Authenticate with x-api-key header.
servers:
  - url: https://verification.didit.me
security: []
tags: []
paths:
  /v1/transactions/:
    post:
      tags:
        - Transactions
      summary: Submit a transaction from an SDK
      description: >-
        Device-facing endpoint the Didit SDKs call to submit a transaction
        directly from the end-user's device. Authentication is a scoped token
        from `POST /v3/transactions/sdk-token/` sent in the
        `X-Transaction-Token` header instead of an API key, and the endpoint is
        CORS-enabled so browsers can call it cross-origin. The payload uses the
        camelCase wire aliases shown below (the SDK `submitTransaction` methods
        build it for you). Three server-side guarantees: the application is
        always taken from the token; the subject identity (`externalUserId`) is
        always enforced from the token's `vendor_data`, so spoofed payload
        values are ignored; and device intelligence (the SDK device fingerprint
        plus server-derived IP and user agent) is attached to the subject
        automatically.
      operationId: submitTransactionFromSdk
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                txnId:
                  type: string
                  description: >-
                    Your unique identifier for this transaction (maps to
                    `transaction_id`, max 128 characters).
                  example: wd-2026-07-07-0042
                txnDate:
                  type: string
                  format: date-time
                  description: >-
                    When the transaction occurred (maps to `transaction_at`).
                    Defaults to now if omitted.
                zoneId:
                  type: string
                  description: >-
                    IANA time zone identifier (maps to `time_zone`), e.g.
                    `Europe/Madrid`.
                type:
                  type: string
                  description: >-
                    Transaction category (maps to `transaction_category`), e.g.
                    `finance`, `kyc`, `travelRule`, `userPlatformEvent`,
                    `gamblingBet`.
                  example: travelRule
                info:
                  type: object
                  description: >-
                    Core financial details of the transaction (maps to
                    `transaction_details`).
                  required:
                    - direction
                    - amount
                    - currency
                  properties:
                    direction:
                      type: string
                      description: >-
                        Direction relative to the subject. Case-insensitive;
                        `in`/`out` are accepted as aliases. Echoed back
                        uppercase (`INBOUND`/`OUTBOUND`).
                      example: out
                    amount:
                      type: number
                      description: >-
                        Transaction amount (up to 18 decimal places). A decimal
                        string is also accepted.
                      example: 0.25
                    currency:
                      type: string
                      description: Currency code, e.g. `EUR`, `USD`, `ETH`.
                      example: ETH
                    currencyType:
                      type: string
                      description: >-
                        Whether the currency is `fiat` or `crypto` (maps to
                        `currency_kind`).
                    amountInDefaultCurrency:
                      type: number
                      nullable: true
                      description: >-
                        Pre-converted amount in the default currency (maps to
                        `amount_in_default_currency`). If omitted, automatic FX
                        conversion is attempted.
                    defaultCurrencyCode:
                      type: string
                      description: >-
                        The default currency code for the converted amount (maps
                        to `default_currency`).
                    paymentDetails:
                      type: string
                      nullable: true
                      description: >-
                        Free-text payment reference or memo (maps to
                        `payment_details`).
                    paymentTxnId:
                      type: string
                      nullable: true
                      description: >-
                        External payment reference (maps to
                        `payment_reference_id`); the on-chain transaction hash
                        for crypto transactions.
                    type:
                      type: string
                      nullable: true
                      description: >-
                        Sub-type of the transaction (maps to `action_type`),
                        e.g. `deposit`, `withdrawal`, `transfer`.
                    cryptoParams:
                      type: object
                      description: >-
                        Crypto-specific parameters, e.g. `{"crypto_chain":
                        "ETH"}`.
                subject:
                  type: object
                  description: >-
                    The subject (applicant) of the transaction. `externalUserId`
                    is ignored here: the subject identity is always enforced
                    from the token's `vendor_data`.
                  required:
                    - fullName
                  properties:
                    type:
                      type: string
                      description: >-
                        Entity type (maps to `entity_type`): `individual`
                        (default) or `company`.
                    externalUserId:
                      type: string
                      description: >-
                        Ignored on the subject - enforced server-side from the
                        token's `vendor_data`.
                    fullName:
                      type: string
                      example: Jane Doe
                    firstName:
                      type: string
                    lastName:
                      type: string
                    dob:
                      type: string
                      format: date
                      description: Date of birth (YYYY-MM-DD; maps to `date_of_birth`).
                    address:
                      type: object
                      description: >-
                        Address object with `country` (ISO 3166-1 alpha-3),
                        `town`, `state`, `street`, `post_code`.
                    institutionInfo:
                      type: object
                      description: >-
                        Institution details for institutional participants (maps
                        to `institution_details`).
                    device:
                      type: object
                      description: >-
                        Optional explicit device context. Merged with the
                        automatically captured device intelligence;
                        server-derived fields win on conflict.
                    paymentMethod:
                      type: object
                      description: >-
                        Payment method used by the subject (maps to
                        `payment_method`).
                      properties:
                        type:
                          type: string
                          description: >-
                            Payment method kind (maps to `method_type`), e.g.
                            `bank_card`, `bank_account`, `crypto_wallet`,
                            `ewallet`, `unhosted_wallet`, `other`.
                        accountId:
                          type: string
                          description: >-
                            Account identifier (maps to `account_id`): IBAN,
                            card fingerprint, or wallet address.
                        issuingCountry:
                          type: string
                          description: >-
                            ISO 3166-1 alpha-3 country code of the issuer (maps
                            to `issuing_country`).
                counterparty:
                  type: object
                  description: >-
                    The counterparty of the transaction (optional). Same shape
                    as `subject`; `externalUserId` is meaningful here.
                  properties:
                    type:
                      type: string
                      description: >-
                        Entity type (maps to `entity_type`): `individual` or
                        `company`.
                    externalUserId:
                      type: string
                      description: >-
                        Your internal identifier for the counterparty (maps to
                        `vendor_data`).
                    fullName:
                      type: string
                    firstName:
                      type: string
                    lastName:
                      type: string
                    dob:
                      type: string
                      format: date
                    address:
                      type: object
                    institutionInfo:
                      type: object
                    device:
                      type: object
                    paymentMethod:
                      type: object
                      description: >-
                        Payment method used by the counterparty (maps to
                        `payment_method`). On travelRule transactions, `type:
                        "unhosted_wallet"` declares the counterparty wallet as
                        self-hosted: the transfer skips counterparty-VASP
                        routing, is created directly in `UNCONFIRMED_OWNERSHIP`,
                        and (when `auto_wallet_verification` is enabled) a
                        wallet-ownership widget session is auto-minted and
                        returned in `action_required` so the SDK can launch it.
                      properties:
                        type:
                          type: string
                          description: >-
                            Payment method kind (maps to `method_type`), e.g.
                            `bank_card`, `bank_account`, `crypto_wallet`,
                            `ewallet`, `unhosted_wallet`, `other`. Use
                            `unhosted_wallet` to declare a self-hosted wallet
                            for the Travel Rule.
                        accountId:
                          type: string
                          description: >-
                            Account identifier (maps to `account_id`): IBAN,
                            card fingerprint, or wallet address.
                        issuingCountry:
                          type: string
                props:
                  type: object
                  additionalProperties: true
                  description: >-
                    Custom key-value pairs (maps to `custom_properties`). Each
                    key can be referenced in rule conditions as
                    `custom_values.<key>`.
                travelRule:
                  type: object
                  description: >-
                    Travel Rule details (maps to `travel_rule_details`). When
                    Travel Rule is enabled for the application, Didit ignores
                    any `status` you send and drives the exchange itself.
                  required:
                    - status
                  properties:
                    status:
                      type: string
                    protocol:
                      type: string
                    required:
                      type: boolean
                    obligationsCount:
                      type: integer
                    originatorData:
                      type: object
                    beneficiaryData:
                      type: object
                    metadata:
                      type: object
                includeCryptoScreening:
                  type: boolean
                  nullable: true
                  description: >-
                    Per-transaction override for crypto blockchain analytics
                    screening (maps to `include_crypto_screening`).
                fingerprint_v2:
                  type: object
                  description: >-
                    The `didit-fp-v2` device fingerprint payload. Injected
                    automatically by the SDKs; only relevant when calling the
                    wire API directly.
              required:
                - txnId
                - type
                - info
                - subject
            example:
              txnId: wd-2026-07-07-0042
              type: travelRule
              info:
                direction: out
                amount: '0.25'
                currency: ETH
                currencyType: crypto
                cryptoParams:
                  crypto_chain: ETH
              subject:
                fullName: Jane Doe
              counterparty:
                fullName: Ana Diaz
                paymentMethod:
                  type: unhosted_wallet
                  accountId: 0xBeneficiaryWallet01
              travelRule:
                status: AWAITING_COUNTERPARTY
                beneficiaryData:
                  wallet_address: 0xBeneficiaryWallet01
                  name: Ana Diaz
              includeCryptoScreening: true
      responses:
        '201':
          description: >-
            Transaction submitted and monitored. Same detail shape as `GET
            /v3/transactions/{transaction_id}/`, including the `action_required`
            block when the end user must complete a follow-up action (the SDKs
            auto-launch it by default).
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TransactionDetail'
              examples:
                Wallet ownership required:
                  value:
                    uuid: 22222222-3333-4444-5555-666666666666
                    txn_id: wd-2026-07-07-0042
                    transaction_type: travelRule
                    direction: OUTBOUND
                    status: AWAITING_USER
                    amount: '0.25'
                    currency: ETH
                    travel_rule:
                      uuid: 33333333-4444-5555-6666-777777777777
                      status: ON_HOLD
                      required: true
                    action_required:
                      type: wallet_ownership
                      url: >-
                        https://verification.didit.me/wallet-ownership/3s9x...urlsafe
                      widget_session_id: 77777777-8888-9999-aaaa-bbbbbbbbbbbb
                      expires_at: '2026-07-07T13:00:00Z'
        '400':
          description: >-
            Validation failed (missing required fields, duplicate `txnId`,
            unknown category).
          content:
            application/json:
              examples:
                Missing fields:
                  value:
                    info:
                      currency:
                        - This field is required.
        '401':
          description: >-
            The transaction token was rejected: missing, unknown, revoked, over
            its `max_uses`, or expired. Expired-token responses always contain
            the word `expired` in the detail, which is how the SDKs distinguish
            `expired_token` from `invalid_token` errors.
          content:
            application/json:
              examples:
                Invalid token:
                  value:
                    detail: Invalid transaction token.
                Expired token:
                  value:
                    detail: Transaction token expired.
      security:
        - TransactionTokenAuth: []
      x-codeSamples:
        - lang: curl
          label: curl
          source: |-
            curl -X POST https://verification.didit.me/v1/transactions/ \
              -H 'X-Transaction-Token: SDK_TOKEN' -H 'Content-Type: application/json' \
              -d '{"txnId": "wd-2026-07-07-0042", "type": "travelRule", "info": {"direction": "out", "amount": "0.25", "currency": "ETH", "currencyType": "crypto"}, "subject": {"fullName": "Jane Doe"}, "counterparty": {"fullName": "Ana Diaz", "paymentMethod": {"type": "unhosted_wallet", "accountId": "0xBeneficiaryWallet01"}}, "travelRule": {"status": "AWAITING_COUNTERPARTY", "beneficiaryData": {"wallet_address": "0xBeneficiaryWallet01", "name": "Ana Diaz"}}, "includeCryptoScreening": true}'
        - lang: javascript
          label: Web SDK
          source: |-
            import { DiditSdk } from '@didit-protocol/sdk-web';

            const result = await DiditSdk.shared.submitTransaction({
              transactionToken: sdkToken,
              transaction: {
                txnId: 'wd-2026-07-07-0042',
                category: 'travelRule',
                details: { direction: 'out', amount: '0.25', currency: 'ETH', currencyType: 'crypto' },
                subject: { fullName: 'Jane Doe' },
                counterparty: { fullName: 'Ana Diaz', paymentMethod: { type: 'unhosted_wallet', accountId: '0xBeneficiaryWallet01' } },
                travelRule: { status: 'AWAITING_COUNTERPARTY', beneficiaryData: { wallet_address: '0xBeneficiaryWallet01', name: 'Ana Diaz' } },
                includeCryptoScreening: true
              },
              onActionCompleted: (refreshed) => console.log(refreshed.status)
            });
components:
  schemas:
    TransactionDetail:
      type: object
      description: >-
        Full monitoring record for one transaction, as returned by `GET
        /v3/transactions/{transaction_id}/` and `POST /v3/transactions/`.
      properties:
        uuid:
          type: string
          format: uuid
          description: >-
            Didit-stable transaction identifier. Use as `{transaction_id}` for
            follow-up calls.
        transaction_number:
          type: integer
          description: >-
            Application-scoped sequential transaction number shown in Console
            (e.g. `4123`).
        txn_id:
          type: string
          description: >-
            The `transaction_id` you supplied at create time (max 128 chars).
            Unique per application.
        txn_date:
          type: string
          format: date-time
          description: >-
            When the transaction occurred (from `transaction_at`; defaults to
            submission time).
        zone_id:
          type: string
          nullable: true
          description: IANA time zone identifier provided at create time.
        transaction_type:
          type: string
          description: >-
            Top-level category as stored: `finance`, `kyc`, `travelRule`,
            `userPlatformEvent`, `gamblingBet`, `gamblingLimitChange`,
            `gamblingBonusChange`, `auditTrailEvent`. Note multi-word values are
            echoed back in camelCase even when submitted in snake_case.
        action_type:
          type: string
          description: >-
            Sub-type within the category (e.g. `deposit`, `withdrawal`,
            `transfer`). Defaults to the category when not supplied.
        direction:
          type: string
          enum:
            - INBOUND
            - OUTBOUND
          description: >-
            Direction relative to the subject. Stored uppercase regardless of
            the casing submitted (`in`/`out`/`inbound`/`outbound` are accepted
            on input).
        status:
          type: string
          enum:
            - APPROVED
            - IN_REVIEW
            - DECLINED
            - AWAITING_USER
          description: >-
            Current monitoring verdict. Transactions are created `APPROVED`;
            rules may flip them to `IN_REVIEW`/`DECLINED` synchronously.
        amount:
          type: string
          description: >-
            Transaction amount as a decimal string with trailing zeros stripped
            (e.g. `"1500"`, `"0.5"`, `"0.123456789012345678"`). Up to 18 decimal
            places.
        currency:
          type: string
          description: Currency code of `amount` (e.g. `EUR`, `USD`, `BTC`).
        currency_type:
          type: string
          nullable: true
          description: '`fiat` or `crypto`, as submitted in `currency_kind`.'
        amount_in_default_currency:
          type: string
          nullable: true
          description: >-
            Pre-converted amount you supplied, as a decimal string with trailing
            zeros stripped.
        default_currency_code:
          type: string
          nullable: true
        preferred_currency_amount:
          type: string
          nullable: true
          description: >-
            `amount` converted to the application's preferred currency, when
            available.
        preferred_currency_code:
          type: string
          nullable: true
        payment_details:
          type: string
          nullable: true
          description: Free-text payment reference or memo from the submission.
        payment_txn_id:
          type: string
          nullable: true
          description: >-
            External payment system reference (e.g. blockchain transaction hash)
            from `payment_reference_id`.
        score:
          type: integer
          description: Risk score accumulated by rules (typically 0–100). Higher = riskier.
        severity:
          type: string
          nullable: true
          enum:
            - UNKNOWN
            - LOW
            - MEDIUM
            - HIGH
            - CRITICAL
          description: >-
            Categorical risk severity set by rules/providers (`UNKNOWN`, `LOW`,
            `MEDIUM`, `HIGH`, `CRITICAL`). `null` until something sets it.
        decision_reason_code:
          type: string
          nullable: true
          description: Machine-readable reason for the current `status`.
        decision_reason_label:
          type: string
          nullable: true
          description: Human-readable label for `decision_reason_code`.
        vendor_data:
          type: string
          nullable: true
          description: Convenience copy of the applicant's `vendor_data`.
        metadata:
          type: object
          description: >-
            Snapshot of the `subject` and `counterparty` payloads as submitted
            at create time.
        props:
          type: object
          description: >-
            The `custom_properties` you supplied at create time. Each key is
            addressable in rule conditions as `custom_values.<key>`.
        tags:
          type: array
          items:
            type: object
            properties:
              uuid:
                type: string
                format: uuid
              name:
                type: string
              color:
                type: string
              description:
                type: string
                nullable: true
              source:
                type: string
                enum:
                  - didit
                  - custom
                description: Whether the tag is a Didit preset or a custom tag.
          description: Tags attached to the transaction (manually or by rules).
        parties:
          type: array
          items:
            type: object
            properties:
              uuid:
                type: string
                format: uuid
              role:
                type: string
                enum:
                  - APPLICANT
                  - REMITTER
                  - BENEFICIARY
                  - COUNTERPARTY
                description: >-
                  Party role. The create endpoint assigns `APPLICANT` (the
                  subject) and `COUNTERPARTY`.
              entity_type:
                type: string
                enum:
                  - individual
                  - company
                  - external
                  - unhostedWallet
              kind:
                type: string
                enum:
                  - USER
                  - BUSINESS
                  - EXTERNAL
                description: >-
                  `USER`/`BUSINESS` parties link back to a Didit-owned entity
                  via `vendor_data`. `EXTERNAL` parties have no Didit entity
                  behind them.
              vendor_data:
                type: string
                nullable: true
                description: Your internal user/business identifier.
              full_name:
                type: string
                nullable: true
              first_name:
                type: string
                nullable: true
              last_name:
                type: string
                nullable: true
              country_code:
                type: string
                nullable: true
                description: >-
                  Country code from the submitted `address.country` (typically
                  ISO 3166-1 alpha-3).
              dob:
                type: string
                format: date
                nullable: true
                description: Date of birth from the submitted `date_of_birth`.
              address:
                type: object
                description: Address object as submitted. `{}` when omitted.
              institution_info:
                type: object
                description: Institution details as submitted. `{}` when omitted.
              device:
                type: object
                description: >-
                  Normalized device context, including server-side IP enrichment
                  under `network_context` (geolocation, VPN/data-center flags)
                  when an IP was provided.
              external_party_snapshot:
                type: object
                nullable: true
                description: >-
                  Frozen copy of the party data for `EXTERNAL` parties (or after
                  the linked entity was deleted). `null` while linked to a live
                  entity.
          description: Transaction parties (applicant, counterparty).
        payment_methods:
          type: array
          items:
            type: object
            properties:
              uuid:
                type: string
                format: uuid
              payment_method_type:
                type: string
                enum:
                  - bank_card
                  - bank_account
                  - e_wallet
                  - crypto_wallet
                  - unhosted_wallet
                  - other
              label:
                type: string
                nullable: true
              fingerprint:
                type: string
                nullable: true
                description: >-
                  SHA-256 over `type:account_id:issuing_country` — stable
                  identifier to correlate reuse of the same instrument.
              account_id:
                type: string
                nullable: true
                description: Account identifier (IBAN, wallet address, card token, …).
              issuing_country:
                type: string
                nullable: true
              owner_kind:
                type: string
                enum:
                  - USER
                  - BUSINESS
                  - EXTERNAL
              vendor_data:
                type: string
                nullable: true
                description: Your identifier for the owning user/business.
              owner_name:
                type: string
                nullable: true
              institution_info:
                type: object
              details:
                type: object
                description: Raw `payment_method` object as submitted.
              external_owner_snapshot:
                type: object
                nullable: true
              role:
                type: string
                enum:
                  - SOURCE
                  - DESTINATION
                  - FUNDING
                  - BENEFICIARY
                description: >-
                  How this method was used in the transaction. The create
                  endpoint assigns `SOURCE`/`DESTINATION` from the direction
                  (outbound: subject = SOURCE; inbound: subject = DESTINATION).
          description: Payment methods linked to the transaction.
        activities:
          type: array
          items:
            type: object
            properties:
              uuid:
                type: string
                format: uuid
              activity_type:
                type: string
                description: >-
                  E.g. `TRANSACTION_CREATED`, `TRANSACTION_NOTE_ADDED`,
                  `TRANSACTION_STATUS_CHANGED`.
              source:
                type: string
              status:
                type: string
                nullable: true
              title:
                type: string
                nullable: true
              description:
                type: string
                nullable: true
              metadata:
                type: object
              occurred_at:
                type: string
                format: date-time
          description: >-
            Activity log entries (creation, notes, manual reviews, status
            changes).
        alerts:
          type: array
          items:
            type: object
            properties:
              uuid:
                type: string
                format: uuid
              title:
                type: string
              description:
                type: string
                nullable: true
              severity:
                type: string
                enum:
                  - UNKNOWN
                  - LOW
                  - MEDIUM
                  - HIGH
                  - CRITICAL
              status:
                type: string
                enum:
                  - OPEN
                  - INVESTIGATING
                  - AWAITING_USER
                  - PENDING_SAR
                  - SAR_FILED
                  - RESOLVED
                  - DISMISSED
              source:
                type: string
                enum:
                  - RULE
                  - PROVIDER
                  - MANUAL
              metadata:
                type: object
              created_at:
                type: string
                format: date-time
              due_at:
                type: string
                format: date-time
                nullable: true
          description: Alerts raised by rules and providers.
        rule_runs:
          type: array
          items:
            type: object
            properties:
              uuid:
                type: string
                format: uuid
              rule:
                type: string
                format: uuid
                description: UUID of the rule that ran.
              rule_title:
                type: string
              rule_description:
                type: string
                nullable: true
              rule_category:
                type: string
              matched:
                type: boolean
                description: Whether the rule's conditions matched this transaction.
              is_test:
                type: boolean
                description: >-
                  True when the rule ran in TEST mode (no effect on
                  status/score).
              mode:
                type: string
                enum:
                  - ACTIVE
                  - DISABLED
                  - TEST
              severity:
                type: string
                nullable: true
              score_delta:
                type: integer
                description: Score added by this rule's `add_score` actions.
              status_target:
                type: string
                nullable: true
                description: Status set by a `change_status` action, if any.
              action_summary:
                type: object
                description: Summary of the actions the rule executed.
              metadata:
                type: object
              created_at:
                type: string
                format: date-time
          description: >-
            Per-rule execution results — which rule fired, with what score
            impact.
        provider_results:
          type: array
          items:
            type: object
            properties:
              uuid:
                type: string
                format: uuid
              provider:
                type: string
              result_type:
                type: string
                enum:
                  - FIAT_MONITORING
                  - WALLET_SCREENING
                  - TRANSACTION_SCREENING
                  - TRAVEL_RULE
                  - NETWORK_GRAPH
                  - CUSTOM
              status:
                type: string
              severity:
                type: string
                nullable: true
              score:
                type: integer
              summary:
                type: string
                nullable: true
              payload:
                type: object
                description: Raw provider response payload.
              created_at:
                type: string
                format: date-time
          description: Raw provider payloads (AML screening, blockchain analytics, etc.).
        travel_rule:
          type: object
          nullable: true
          description: >-
            Travel Rule compliance check, present when `travel_rule_details` was
            submitted.
          properties:
            uuid:
              type: string
              format: uuid
            status:
              type: string
            protocol:
              type: string
              nullable: true
            required:
              type: boolean
            obligations_count:
              type: integer
            originator_data:
              type: object
            beneficiary_data:
              type: object
            metadata:
              type: object
        network_snapshot:
          type: object
          nullable: true
          description: >-
            Graph snapshot of related transactions/parties used by the rules
            engine, present when submitted.
          properties:
            uuid:
              type: string
              format: uuid
            nodes:
              type: array
              items:
                type: object
            edges:
              type: array
              items:
                type: object
            metrics:
              type: object
        remediation:
          type: object
          nullable: true
          description: >-
            Remediation session offered to the user when re-verification is
            required. Superseded by `action_required`, which is the canonical
            block; kept for backward compatibility.
          properties:
            session_id:
              type: string
            session_token:
              type: string
            url:
              type: string
              format: uri
            status:
              type: string
        action_required:
          type: object
          nullable: true
          description: >-
            Pending end-user action required to complete this transaction, or
            null when there is none. The Didit SDKs auto-launch the action by
            default and refresh the transaction when it finishes. Two variants,
            discriminated by `type`: `verification_session` (a hosted
            verification session created by a rule action) and
            `wallet_ownership` (a wallet-ownership widget session auto-minted
            for a Travel Rule transfer that needs proof of wallet control, gated
            by the `auto_wallet_verification` Travel Rule setting). When both
            could apply, `wallet_ownership` takes precedence because it blocks
            the Travel Rule exchange.
          oneOf:
            - title: Verification session
              type: object
              properties:
                type:
                  type: string
                  enum:
                    - verification_session
                url:
                  type: string
                  format: uri
                  description: Hosted verification URL to open for the end user.
                session_id:
                  type: string
                  format: uuid
                  description: Verification session id.
                session_token:
                  type: string
                  description: >-
                    Session token, used by the mobile SDKs to launch the flow
                    natively.
                status:
                  type: string
                  description: Verification session status.
              required:
                - type
                - url
            - title: Wallet ownership
              type: object
              properties:
                type:
                  type: string
                  enum:
                    - wallet_ownership
                url:
                  type: string
                  format: uri
                  description: >-
                    Hosted wallet-ownership widget URL. Open it in a real
                    browser surface - on mobile use SFSafariViewController or a
                    Chrome Custom Tab, never an embedded webview.
                widget_session_id:
                  type: string
                  format: uuid
                  description: Wallet-ownership widget session id.
                expires_at:
                  type: string
                  format: date-time
                  description: When the widget session expires.
              required:
                - type
                - url
        cost_breakdown:
          type: object
          nullable: true
          description: Per-feature credit cost breakdown for this transaction.
  securitySchemes:
    TransactionTokenAuth:
      type: apiKey
      in: header
      name: X-Transaction-Token
      description: >-
        Short-lived scoped token minted by your backend via POST
        /v3/transactions/sdk-token/. Used by the Didit SDKs on the device-facing
        /v1/transactions/ endpoints.

````